Re: Understanding ports?
From: Barry Margolin (barmar@genuity.net)
Date: 12/12/02
- Next message: Damian Menscher: "Re: Best program to fully wipe hard drive"
- Previous message: tofu: "Understanding ports?"
- In reply to: tofu: "Understanding ports?"
- Next in thread: Matt Curtin: "Re: Understanding ports?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Barry Margolin <barmar@genuity.net> Date: Thu, 12 Dec 2002 20:38:57 GMT
In article <H70v4y.HKB@news.boeing.com>, tofu <tofu@synergy.com> wrote:
>I often see "ports" discussed in regard to networks, routers and computer
>security.
>
>What are ports? Is there an easy tutorial URL you can refer me to, to help
>me understand whats being talked about when someone refers to a particular
>port number?
The best way to understand this is to get a basic tutorial on TCP/IP. I'll
try to answer very briefly and superficially (and not even very accurately
-- I'm purposefully omitting some details because I want it to be simple).
Port numbers are the way that correspondents of TCP and UDP packets are
identified. Servers typically listen for connections on a well-known port
that's associated with the service they provide (e.g. port 25 for SMTP).
There's also a port at the client end that's dynamically allocated, for use
in routing the replies back to the client application.
You could think of ports as being analogous to extension numbers in a phone
system. The IP address is like the main phone number, which gets you to
the machine or company, and the port/extension identifies the specific
process/office.
>Say if I was watching network activity with Wallwatcher. What do the port
>numberings signifiy? What would be important to look for in terms of
>unauthorized attempts to access my computer.
You need to know which services you're intentionally accessing, and their
associated port numbers. For instance, when you're accessing a web server,
you'll usually be connecting to its port 80 and/or 443 (the latter is used
for SSL-encrypted connections), so packets with those remote ports are OK.
For the most part, port numbers under 1024 are used for well-known
services. If your computer is not a server, you should rarely see incoming
packets with low destination ports; such packets suggest someone is trying
to access your system (they may be doing a port scan, trying to find any
ports your system is listening on).
-- Barry Margolin, barmar@genuity.net Genuity, Woburn, MA *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups. Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
- Next message: Damian Menscher: "Re: Best program to fully wipe hard drive"
- Previous message: tofu: "Understanding ports?"
- In reply to: tofu: "Understanding ports?"
- Next in thread: Matt Curtin: "Re: Understanding ports?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
